java source code of JacksonXSSDeserializer

youran-master
- youran-parent
  - pom.xml
- youran-generate-core
  - src
    - main
      - resources
        mysql_keyword.txt
        com
        youran
        generate
        dao
        MetaManyToManyDAO.xml
        CodeTemplateDAO.xml
        MetaConstDetailDAO.xml
        GenHistoryDAO.xml
        TemplateFileDAO.xml
        MetaCascadeExtDAO.xml
        MetaConstDAO.xml
        MetaFieldDAO.xml
        MetaProjectDAO.xml
        MetaMtmCascadeExtDAO.xml
        MetaIndexDAO.xml
        MetaEntityDAO.xml
        UserSettingDAO.xml
        MetaIndexFieldDAO.xml
        mybatis-config.xml
      - java
        com
        youran
        generate
        dao
        GenHistoryDAO.java
        MetaProjectDAO.java
        MetaCascadeExtDAO.java
        MetaIndexFieldDAO.java
        MetaIndexDAO.java
        UserSettingDAO.java
        CodeTemplateDAO.java
        TemplateFileDAO.java
        MetaConstDAO.java
        MetaFieldDAO.java
        MetaManyToManyDAO.java
        MetaMtmCascadeExtDAO.java
        MetaEntityDAO.java
        MetaConstDetailDAO.java
        constant
        GenerateConst.java
        MetaConstType.java
        JFieldType.java
        DevMode.java
        WordBlacklist.java
        WebConst.java
        PrimaryKeyStrategy.java
        EditType.java
        ContextType.java
        PatternConst.java
        DefaultValue.java
        MySqlType.java
        TemplateFileType.java
        FeatureConst.java
        MetaSpecialField.java
        QueryType.java
        pojo
        po
        MetaEntityPO.java
        MetaIndexPO.java
        MetaConstPO.java
        MetaCascadeExtPO.java
        BasePO.java
        GenHistoryPO.java
        MetaProjectPO.java
        MetaManyToManyPO.java
        MetaFieldPO.java
        CodeTemplatePO.java
        MetaIndexFieldPO.java
        MetaConstDetailPO.java
        UserSettingPO.java
        TemplateFilePO.java
        MetaMtmCascadeExtPO.java
        vo
        MetaEntityInnerValidateVO.java
        MetaAbstractValidateVO.java
        CodeTemplateListVO.java
        MetaProjectListVO.java
        GenHistoryShowVO.java
        UserSettingShowVO.java
        FileNodeVO.java
        MetaCascadeExtShowVO.java
        MetaEntityShowVO.java
        CheckCommitVO.java
        EntityDiagramVO.java
        TemplateFileShowVO.java
        GenHistoryListVO.java
        MetaConstShowVO.java
        MetaManyToManyShowVO.java
        RelationDiagramVO.java
        MetaMtmEntityListVO.java
        MetaConstDetailShowVO.java
        FieldDiagramVO.java
        CodeTemplateShowVO.java
        TemplateFileListVO.java
        MetaConstListVO.java
        MetaEntityListPairVO.java
        MetaFieldListVO.java
        SystemUserInfoVO.java
        MetaIndexShowVO.java
        MetaIndexListVO.java
        MetaFieldShowVO.java
        MetaProjectShowVO.java
        CodeTreeVO.java
        UserSettingListVO.java
        MetaConstDetailListVO.java
        MetaMtmCascadeExtListVO.java
        MetaCascadeExtListVO.java
        TemplateDirTreeVO.java
        MetaEntityListVO.java
        ProgressVO.java
        MetaMtmCascadeExtShowVO.java
        MetaManyToManyListVO.java
        MetaFieldValidateVO.java
        ErDiagramVO.java
        dto
        MetaProjectAddDTO.java
        MetaEntityFeatureDTO.java
        ForeignEntityTreeNode.java
        ReverseEngineeringDTO.java
        MetaFieldAddDTO.java
        TemplateFileContentUpdateDTO.java
        CodeTemplateUpdateDTO.java
        MetaMtmEntityFeatureDTO.java
        MetaIndexUpdateDTO.java
        MetaManyToManyAddDTO.java
        GitCredentialDTO.java
        MetaMtmCascadeExtUpdateDTO.java
        MetaConstDetailUpdateDTO.java
        CodeTemplateAddDTO.java
        UserSettingAddDTO.java
        MetaEntityUpdateDTO.java
        MetaMtmCascadeExtAddDTO.java
        MetaCascadeExtAddDTO.java
        MetaCascadeExtUpdateDTO.java
        SystemDTO.java
        MetaConstDetailAddDTO.java
        MetaConstUpdateDTO.java
        MetaFieldUpdateDTO.java
        MetaManyToManyUpdateDTO.java
        UserSettingUpdateDTO.java
        MetaProjectUpdateDTO.java
        MetaEntityAddDTO.java
        MetaIndexAddDTO.java
        MetaConstAddDTO.java
        MetaFieldUpdateOrderNoDTO.java
        MetaMtmFeatureDTO.java
        MetaProjectFeatureDTO.java
        TemplateFileUpdateDTO.java
        TemplateFileAddDTO.java
        example
        MetaCascadeExtExample.java
        MetaFieldExample.java
        UserSettingExample.java
        MetaIndexExample.java
        CodeTemplateExample.java
        MetaProjectExample.java
        MetaConstDetailExample.java
        MetaConstExample.java
        MetaIndexFieldExample.java
        TemplateFileExample.java
        MetaMtmCascadeExtExample.java
        MetaManyToManyExample.java
        MetaEntityExample.java
        GenHistoryExample.java
        qo
        CodeTemplateQO.java
        MetaMtmCascadeExtQO.java
        GenHistoryQO.java
        MetaConstQO.java
        MetaCascadeExtQO.java
        TemplateFileQO.java
        MetaManyToManyQO.java
        CodeContentQO.java
        UserSettingQO.java
        MetaConstDetailQO.java
        MetaEntityQO.java
        MetaProjectQO.java
        MetaIndexQO.java
        MetaFieldQO.java
        mapper
        CodeTemplateMapper.java
        MetaConstDetailMapper.java
        MetaProjectMapper.java
        MetaConstMapper.java
        MetaFieldMapper.java
        MetaIndexMapper.java
        FeatureMapper.java
        MetaEntityMapper.java
        CommonMapper.java
        MetaCascadeExtMapper.java
        TemplateFileMapper.java
        GenHistoryMapper.java
        UserSettingMapper.java
        MetaMtmCascadeExtMapper.java
        MetaManyToManyMapper.java
        util
        VersionUtil.java
        SwitchCaseUtil.java
        Zip4jUtil.java
        GuessUtil.java
        MetadataUtil.java
        FileNodeUtil.java
        config
        GenerateProperties.java
        GenerateAuthentication.java
        GenerateConfiguration.java
        service
        MetaMtmCascadeExtService.java
        MetaCascadeExtService.java
        MetaImportExportService.java
        MetaQueryAssembleService.java
        GitService.java
        UserSettingService.java
        MetaCodeGenService.java
        MetaEntityService.java
        MetaIndexService.java
        MetaValidateService.java
        DataDirService.java
        MetaProjectService.java
        MetaConstService.java
        CodeTemplateService.java
        TemplateImportExportService.java
        GenHistoryService.java
        TemplateFileOutputService.java
        ReverseEngineeringService.java
        MetaManyToManyService.java
        TemplateFileService.java
        MetaConstDetailService.java
        CodeTemplateAssembleAndCopyService.java
        MetaFieldService.java
        exception
        SkipCurrentException.java
        template
        function
        JavaTemplateFunction.java
        CommonTemplateFunction.java
        SqlTemplateFunction.java
        context
        ConstContext.java
        BaseContext.java
        EntityContext.java
        renderer
        TemplateRendererBuilder.java
        TemplateRenderer.java
        freemarker
        FreeMarkerRenderer.java
        FreeMarkerTemplateRendererBuilder.java
        FreeMarkerConfigFactory.java
  - pom.xml
- pom.xml
- youran-generate-ui
  - src
    - icons
      - svg
        question.svg
        trash.svg
        preview.svg
        folder.svg
        reverse-engineering.svg
        times.svg
        txt.svg
        check.svg
        download.svg
        sql.svg
        edit2.svg
        edit-file.svg
        diff.svg
        double-right.svg
        info.svg
        code.svg
        code-download.svg
        java.svg
        edit.svg
        version.svg
        git.svg
        yaml.svg
        xml.svg
        common.svg
        delete.svg
        properties.svg
        create-user.svg
        md.svg
        add-file.svg
        mark-circle.svg
        key.svg
        time.svg
        delete-file.svg
        upload.svg
        edit-user.svg
        logo.svg
      - svg-color
        project.svg
        template.svg
        home.svg
      - svgo.yml
      - index.js
    - utils
      - event-hub.js
      - field-template.js
      - options.js
      - common-plugin.js
      - file-type-util.js
      - element-tree-util.js
      - request.js
    - views
      - home
        tutorial.md
        index.vue
      - const
        list.vue
        form.vue
        index.vue
        model.js
      - entity
        erDiagram.vue
        list.vue
        form.vue
        index.vue
        mtmForm.vue
        model.js
      - field
        indexForm.vue
        list.vue
        form.vue
        index.vue
        model.js
      - project
        codePreview.vue
        list.vue
        form.vue
        index.vue
        import.vue
        model.js
      - template
        templateFiles.vue
        list.vue
        form.vue
        index.vue
        import.vue
        model.js
      - mtmCascadeExt
        list.vue
      - cascadeExt
        list.vue
    - api
      - system.js
      - field.js
      - mtm.js
      - mtmCascadeExt.js
      - cascadeExt.js
      - template.js
      - project.js
      - entity.js
      - const.js
      - index.js
    - main.js
    - router
      - index.js
    - components
      - HelpPopover
        help-content.js
        index.vue
      - MarkdownEditor
        default-options.js
        index.vue
      - Meteor
        index.vue
      - SvgIcon
        index.vue
      - VueSimpleContextMenu
        index.vue
    - store
      - modules
        systemUserInfo.js
        fieldTemplate.js
        app.js
      - index.js
    - App.vue
    - assets
      - main.scss
      - element-override.scss
      - avatar.jpg
      - coding-panel.scss
      - common.scss
  - .env.development
  - .env
  - public
    - favicon.ico
    - index.html
  - postcss.config.js
  - .editorconfig
  - babel.config.js
  - .browserslistrc
  - vue.config.js
  - README.md
  - package.json
  - .eslintrc.js
  - .env.production
  - .gitignore
- youran-generate-release
  - pom.xml
  - assembly
    - package.xml
    - bin
      - startup.cmd
      - startup.sh
    - schema
      - init.sql
    - conf
      - application-local.yml
- LICENSE
- .editorconfig
- youran-generate-web
  - src
    - main
      - resources
        application.yml
        application-local.yml
      - java
        com
        youran
        generate
        web
        api
        CodePreviewAPI.java
        MetaCascadeExtAPI.java
        MetaValidateAPI.java
        MetaConstAPI.java
        SystemUserAPI.java
        MetaIndexAPI.java
        GenHistoryAPI.java
        MetaProjectAPI.java
        MetaEntityAPI.java
        MetaConstDetailAPI.java
        MetaCodeGenAPI.java
        ErDiagramAPI.java
        MetaMtmCascadeExtAPI.java
        MetaFieldAPI.java
        MetaImportExportAPI.java
        MetaManyToManyAPI.java
        CodeTemplateAPI.java
        ReverseEngineeringAPI.java
        TemplateFileAPI.java
        context
        GenerateLoginContext.java
        util
        IpUtil.java
        config
        InitUserCommandLineRunner.java
        SwaggerConfig.java
        MvcConfig.java
        WebConfig.java
        StartLogCommandLineRunner.java
        WebSocketConfig.java
        advice
        ExceptionTranslator.java
        AbstractController.java
        rest
        MetaProjectController.java
        ReverseEngineeringController.java
        CodePreviewController.java
        ErDiagramController.java
        MetaManyToManyController.java
        MetaFieldController.java
        MetaConstDetailController.java
        GenHistoryController.java
        CodeTemplateController.java
        MetaValidateController.java
        MetaMtmCascadeExtController.java
        MetaConstController.java
        SystemUserController.java
        MetaCodeGenController.java
        MetaCascadeExtController.java
        MetaImportExportController.java
        MetaIndexController.java
        MetaEntityController.java
        TemplateFileController.java
        ws
        MetaCodeGenWsController.java
        GenerateApp.java
    - test
      - resources
        application-local.yml
        DB
        generate.sql
      - java
        com
        youran
        generate
        help
        TemplateFileHelper.java
        GenerateHelper.java
        MetaMtmCascadeExtHelper.java
        CodeTemplateHelper.java
        MetaIndexHelper.java
        MetaConstDetailHelper.java
        MetaConstHelper.java
        MetaEntityHelper.java
        MetaCascadeExtHelper.java
        MetaProjectHelper.java
        MetaManyToManyHelper.java
        MetaFieldHelper.java
        web
        AbstractWebTest.java
        rest
        MetaConstControllerTest.java
        MetaMtmCascadeExtControllerTest.java
        MetaFieldControllerTest.java
        CodeTemplateControllerTest.java
        ReverseEngineeringControllerTest.java
        MetaConstDetailControllerTest.java
        MetaProjectControllerTest.java
        MetaCascadeExtControllerTest.java
        TemplateFileControllerTest.java
        MetaManyToManyControllerTest.java
        MetaEntityControllerTest.java
        MetaIndexControllerTest.java
        AbstractTest.java
        util
        H2Util.java
        H2Flusher.java
        Main.java
        TestConfiguration.java
  - pom.xml
- README.md
- youran-common
  - src
    - main
      - java
        com
        youran
        common
        optimistic
        OptimisticException.java
        OptimisticLockConfiguration.java
        OptimisticLockAspect.java
        OptimisticLock.java
        EnableOptimisticLock.java
        dao
        DAO.java
        xss
        XSSRequestWrapper.java
        XSSUtil.java
        IgnoreXSS.java
        WebXSSFilter.java
        JacksonXSSDeserializer.java
        constant
        JsonFieldConst.java
        ErrorCode.java
        BoolConst.java
        validator
        Check.java
        Const.java
        context
        LoginContext.java
        pojo
        po
        Deleted.java
        CreatedBy.java
        AbstractPO.java
        OperatedTime.java
        OperatedBy.java
        CreatedTime.java
        Version.java
        CreatedOperatedDelete.java
        Operated.java
        CreatedOperatedDeletedVersion.java
        Created.java
        vo
        AbstractVO.java
        ReplyVO.java
        PageVO.java
        dto
        AbstractDTO.java
        example
        AbstractExample.java
        qo
        AbstractQO.java
        PageQO.java
        util
        AESSecurityUtil.java
        UUIDUtil.java
        TempDirUtil.java
        ConvertUtil.java
        Base64Util.java
        DateUtil.java
        JsonUtil.java
        TreeUtil.java
        SafeUtil.java
        SpringUtil.java
        exception
        BusinessException.java
        convert
        MyCustomDateEditor.java
        tree
        TreeNode.java
  - pom.xml
- .gitignore
- doc
  - IncrementalGeneration.md
  - ChangeLog.md

package com.youran.common.xss;

import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.databind.BeanProperty;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonDeserializer;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.deser.ContextualDeserializer;
import com.fasterxml.jackson.databind.deser.std.StdScalarDeserializer;
import com.fasterxml.jackson.databind.deser.std.StringDeserializer;
import com.fasterxml.jackson.databind.jsontype.TypeDeserializer;

import java.io.IOException;

/**
 * jackson防XSS反序列化器
 * 请使用该反序列化器替代默认的字符串反序列化器
 *
 * @author: cbb
 * @date: 2018/4/10
 */
public class JacksonXSSDeserializer extends StdScalarDeserializer<String> implements ContextualDeserializer {

    public JacksonXSSDeserializer() {
        super(String.class);
    }

    @Override
    public JsonDeserializer<?> createContextual(DeserializationContext ctxt, BeanProperty property) throws JsonMappingException {
        if (property != null) {
            IgnoreXSS annotation = property.getAnnotation(IgnoreXSS.class);
            if (annotation != null) {
                return StringDeserializer.instance;
            }
        }
        return this;
    }

    @Override
    public String deserialize(JsonParser p, DeserializationContext ctxt) throws IOException {
        String value = StringDeserializer.instance.deserialize(p, ctxt);
        return XSSUtil.clean(value);
    }

    @Override
    public String deserializeWithType(JsonParser jp, DeserializationContext ctxt, TypeDeserializer typeDeserializer) throws IOException {
        String value = StringDeserializer.instance.deserializeWithType(jp, ctxt, typeDeserializer);
        return XSSUtil.clean(value);
    }

    @Override
    public boolean isCachable() {
        return StringDeserializer.instance.isCachable();
    }

}